Bringing SMEs closer on the understanding of “Cybersecurity Standards: impacts and gaps for SMEs” was a one-day, intense and user centric workshop hosted by CEN & CENELEC Management Centre in Brussels on the 24th of May 2019 with the specific purpose to support SMEs in both identifying the relevant cybersecurity policies, rules, and standards as well as an opportunity to obtain SME feedback on which EU priorities should be taken forward allowing decision makers more insights in developing future work programmes especially in light o the upcoming Digital Europe Programme DEP.

Silvana Muscella, StandICT.eu Coordinator, introducing the main achievements of the project

The event, organized by two H2020 projects both StandICT.eu and SMESEC, gathered speaker representatives from ETSI TC Cyber, ECSO and Digital SME Alliance. Moreover, different ICT SMEs, funding agencies and EU Policy Makers came together to assess the future priorities and challenges in cybersecurity standardisation as well as to acquire practical knowledge about SME related cybersecurity standards.

Philippe Cousin opened the workshop and welcomed a policy level talk by Mr Florent Frederix, Senior Project Officer of the Euroepan Commission DG Connect, who introduced the EU Cybersecurity Package and the Innovation & Research Plan towards Horizon Europe.

The Cybersecurity Package will enable a more robust response to cyber-attacks by:

• Encouraging a Single Cybersecurity Market • Pooling and shaping research efforts in Cybersecurity
• Fostering NIS Directive implementation
• Proposing a reformed ENISA
• EU Cybersecurity Certification
• Coordinating an emergency response

The Workshop boasted in-depth presentations of the ETSI TC Cyber (a committee working on industry security since 2014 and a relevant forum for SMEs to get involved in Standardisation activities), Cen Cenelec JTC 13 (a committee involved in the development of standards for cybersecurity and data protection covering all aspects of the evolving information society) and ECSO (the European organisation representing cyber security industry players, as well as national public administrations, research centres, SME’s and academia).

This event was also the perfect opportunity to provide a voice to the StandICT.eu community featuring three StandICT.eu successful grantees on stage. Three professionals fully engaged in the Cybersecurity domain who showcased the European Gaps & Priorities addressed by their work with the support of the initiative:

1. Stephen Farrell, Research Fellow at Trinity College Dublin (Faculty Computer Science & Statistics) improving security and privacy for people using the Internet
   "Thanks to StandICT.eu, my participation is no longer artificially bound to particular research projects, which much better matches the requirements for successful participation in ongoing standards activities"
2. Javier Guerri, CTO & Managing Director at JTSEC Beyond Security
   "I am deeply grateful to StandICT.eu for promoting the development of the patch management methodology, as indispèensable requirement to guarantee the assurance continuity of cybersecurity in today IoT products"
3. Jacqueline Zoest, Advisor & Consultant at Campbell Millar "Privacy by design for Consumer Goods & Services"
   "Security is not solely an IT/Technical issue: for most large organisations, there will be an existing Risk Management function, where the responsibility for compliance with regulations may sit most comfortably"

The following are currently the recognized EU Gaps in the Cybersecurity field that were posed to the audience:

• Purpose legitimacy and specification
• Collection limitation
• Consent and choice
• Data minimization
• Use, retention and disclosure limitation
• Accuracy and quality
• Openness, transparency and notice
• Individual participation and access
• Accountability
• Information Security
• Privacy compliance

StandICT.eu grantees presenting their activities to the audience

Finally, significant attention was directed at the next “European Cybersecurity Technology & Innovation Ecosystem” which will encompass:

• European Competence Centre (to support joint investment by the EU, Member States and industry and sustain deployment of products and solutions)
• Network of National Coordination Centres (Nominated by Member States as the national contact point)
• Competence Community - A large, open and diverse group of cybersecurity stakeholders from research, private and public sector

The workshop proved extremely constructive and pragmatic actions that will be carried out in the following months to strengthen a more continued dialogue between the actors in the cybersecurity and standards area. Specific actions are:

1. StandICT.eu will liaise with its SMEs representatives and applicants to acquire feedback and contribute to the EN draft that ETSI TC Cyber will be releasing in the coming months.
2. StandICT.eu will establish a collaboration with ECSO by collecting the most significant insights from the StandICT.eu Cybersecurity applicants about EU gaps & priorities, to be submitted to ECSO’s careful perusal and come up with some guidelines.
3. StandICT.eu is in talks with Cen Cenelec’s to contribute to its event on “Boosting Innovation through Standards”, organised for 13th November 2019 in Brussels.
4. A robust strategy between SMESEC & StandICT.eu has been elaborated to deploy a long-term mutual connection with the relative Standard Experts community.

Don't miss the chance to share with us your effort in Standardisation: send us your ICT Standards Insights filling the website form and follow our daily updates on Twitter!